Thanks, Kings.
From: Kingsley Charles [mailto:[email protected]] Sent: 18 July 2010 09:30 AM To: Johan Bornman Cc: OSL Security Subject: Re: [OSL | CCIE_Security] V1 Lab 2.15 Comments inline On Sun, Jul 18, 2010 at 11:43 AM, Johan Bornman <[email protected]> wrote: Hi, Finally worked through this lab but I have a few questions (It certainly kept me busy for many many hours): 1. When forgetting to use match-any or match-all the default will ALWAYS be match-all? Yes 2. A Trend url filtering server is used in this task. I am not always sure when to add "trend" to the command, for example; class type urlfilter LOCAL_PERMIT can also be typed as class type urlfilter trend LOCAL_PERMIT. What is the difference in the context of lab 2? R2(config-pmap)#class type urlfilter ? WORD class-map name trend URLF sub-class type trend I still don't comprehend all of it as yet, but I am sure repetition will get me there. There are four types of URL filtering that you can do with IOS. * Local configured with white and back list * n2h2 * websense * Trend Cisco started to support Trend based URL filter from 12.4(20)T and changed the class-map/policy maps to a new syntax. But in lab you have 12.4(15)T which supports the legacy URL filter CLI The following is that you should be aware of: 12.4(15)T supports only n2n2 and websense. You need not worry about Trend parameter-map type urlfilter websense server vendor websense 10.20.30.40 class-map type inspect match-all httptraffic match protocol http policy-map type inspect urlfilterpolicy class type inspect httptraffic inspect urlfilter websense Thanks Johan _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
